pescador wrote: I have tried to solve this challenge, and I don't know what I'm doing wrong. Perhaps I'm missing something, and that's why this one's difficulty is rated insane. Each of the steps sudoku solving (all solutions), hashing and blowfish decrypting (CBC) do not seem insanely difficult to me, but I never get the right solution. I assume that the solution must be something readable because the challenge says to "submit the most likely solution".

I've tested my decryption algorithm against the supplied encryption one, and it works.

Is there someone who's already solved this one that I can mail a solution to with all intermediate steps, so that he can tell me what I'm doing?

Defience wrote: Here's an example of a properly decrypted answer: SCXmdR

It looks like there's a problem with your decryption code.

I got serious difficulties ending this mission. Solving the sudoku is very easy (writing a recursive function solves the sudoku in 1 second). Sometimes, it has more than one solution.

Finding the sha1 hashes of the solution is very easy (not sure if I need only the missing cases comma delimited or the entire grid; tried both).

I believe there are a couple of changes that need to be made to the blowfish file first and the password should be legible. It won't be a word but will be like the example I gave: SCXmdR. If you get a bunch of illegal unicode characters... you're not doing something right.

Defience wrote: I believe there are a couple of changes that need to be made to the blowfish file first and the password should be legible. It won't be a word but will be like the example I gave: SCXmdR. If you get a bunch of illegal unicode characters... you're not doing something right.

Really difficult to know what needs to be changed ;0(

Can I know the architecture (php version, o/s, cpu) the script is running on?

After finishing this I can give a few pointers that really took me a while to find out. If you happen to use php and use the site implementation of blowfish, REMEMBER that the key you pass to it should only be the solved sudoku, not the sha1 of the solved sudoku, as when you do $blowfish->keys($key); the key gets sha1'd. It took me really ages to find out, as I missed that line inside the code. Also, when you create the decrypt function, the password must be base64 decoded first, then passed to the blowfish scheme.

PS: the resulting password that you must submit to HTS should be composed of charset a-z A-Z 0-9 plus symbols !"£%&/()= etc., so if you get that, don't think you are wrong, only if you get illegal characters. My answer was something along qDrvA& ..

A few pointers to anyone stuck on this mission. Do not be fooled, this mission is actually very easy. If you can read code and you completed algebra in school then you can do this mission. Now, if you know php and have a web-server to run php code then I suggest using it for this mission, because the only insane part of this mission is emulating the php server's integer handling exactly. Let me explain:

I first wrote this mission using a 32bit version of perl. I could encrypt and decrypt my own strings and keys perfectly. When I ran the program to solve the mission online however, I only got crappy extended ascii characters that couldn't possibly be the answer. After some debugging I found out that Perl's built in binary XOR overflows with numbers above 2^32-1, and will return 32 1s for any number above that without any warning. However, perl can do algebra computations above 2^32 fine. The only way to know if your computer is overflowing is to actually watch the binary calculations carefully, not just look at the final decimal outputs. Thanks to QtDevl I was able to discover that the server code handles all the binary calculations as 64 bit integers, not 32 bit. I was able to implement this fine using perl's BigInt package, but then ran into problems because the Perl pack function errors without warning when you try to pack an integer over 32 bits. However, with some more debugging I figured out that the PHP pack function used in the script has an implicit modulus 2^32 with it to handle this situation. With those corrections the code works fine. It took me 20 minutes to write the sudoku and decryption methods. It took me like 10 days to figure out these two small, but crucial details.

Long story short, if you have run into problems with getting a solution that works with the website, even though you can properly encrypt and decrypt your own strings and keys, then your problem likely has to do with a difference between how your program's language handles integers compared to the php server which is producing the sudoku and the encrypted blowfish string. The two things you need to know to fix your code:

1) The server script uses 64-bit integers to handle all encryption and decryption manipulations (ie XOR)
2) There is a hidden modulus 4294967296 associated with numbers passed to the pack function in the script.

If any of this is considered too much of a spoiler, please just let me know and I will rewrite it more cryptically. However, I figured the mission was actually in writing the necessary decryption methods and sudoku solver, rather than in deciphering exactly how the php server is handling the numbers. I am not even sure if it is possible to figure that out on your own. It would have been impossible for me without extensive help from QtDevl who happened to do it in php and was willing to give me a ridiculous amount of output from each step. I apologize if I am wrong in this assumption. If I am right and figuring these two things out is not supposed to be the mission, then I'd suggest someone please add these two details to the mission page or make them explicit in the php script.
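The two integer-handling differences described in the post above, as an added Python example that is not part of the thread and not the mission's script. The mixing step has the standard Blowfish F-function shape; the sample words are constructed, and the big-endian 32-bit pack format and all function names are assumptions.

```python
import struct

MOD32 = 4294967296          # the modulus quoted in the post (2^32)
MASK32 = MOD32 - 1

def pack_wrapping(value):
    """32-bit pack that reduces modulo 2^32 first (big-endian is an assumption)."""
    return struct.pack(">I", value % MOD32)

def pack_strict(value):
    """Plain struct.pack: returns None instead of bytes when the value is too wide."""
    try:
        return struct.pack(">I", value)
    except struct.error:
        return None

def f_wide(s0, s1, s2, s3):
    """Blowfish-style mix with no width limit, as with 64-bit integers."""
    return ((s0 + s1) ^ s2) + s3

def f_saturating(s0, s1, s2, s3):
    """Same mix, but an XOR operand above 2^32-1 collapses to 32 one-bits."""
    return (min(s0 + s1, MASK32) ^ s2) + s3

def f_masked(s0, s1, s2, s3):
    """Same mix with wrap-around after every operation (holds for + and ^ only)."""
    return ((((s0 + s1) & MASK32) ^ s2) + s3) & MASK32

# Constructed sample words, chosen so that s0 + s1 exceeds 2^32 - 1.
SAMPLE = (0xF0000001, 0x20000002, 0x0000FFFF, 0x00000010)

def compare(words=SAMPLE):
    """Run every variant on the same words and collect the packed bytes as hex."""
    wide = f_wide(*words)
    return {
        "wide": hex(wide),
        "wide_packed": pack_wrapping(wide).hex(),
        "strict_packed": pack_strict(wide),
        "saturating_packed": pack_wrapping(f_saturating(*words)).hex(),
        "masked_packed": pack_wrapping(f_masked(*words)).hex(),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:18} {value}")
```

The saturating variant produces different bytes from the wide one, and the strict pack refuses the wide value outright, which are the two symptoms the post describes.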

Notes to anyone stuck on this still (took me many tries to get the decryption part):

1. the easiest way is to just screw it and use php, I fucked around with python and got nowhere
2. make sure it's 64bit OS and 64bit PHP (use http://ideone.com/JWKIf)
3. use the provided encryption file and write a decryption for it
4. you can use the blowfish.php linked at the top of the file for inspiration
5. you pass to keys() the sha1'd answer, even if keys() tries to sha1 it again
6. the answer should be human readable characters only

Using php I'm able to solve the puzzle, get all solutions and reverse engineer the blowfish encrypt method in the php file, but I can't get a human readable password! Is this because I'm using a 32 bit OS? I tried both comma-delimited and non-delimited sudoku solutions as key, and also tried sha1 of the key in both cases, but I'm getting illegal characters! (My decryption method works, as I tested it on random keys.)